Reply to: Virus on my USB key 2016-09-08T13:09:39+00:00
Miss_estrellita
Participant
Number of posts: 23

Thank you for your quick reply 🙂

Here is the report:

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Magda RAIS (Administrateur) # MAGDARAIS-TOSH
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 11:01:20 | 16/10/2013

Site Web: http://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Intel Corp. (Base Board Product Name)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
RAM -> [Total : 4078 | Free : 1880]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16721

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 297 Go (242 Go libre(s) - 81%) [WINDOWS] # NTFS
D: -> Disque fixe # 298 Go (260 Go libre(s) - 87%) [Data] # NTFS
E: -> CD-ROM
F: -> Disque amovible # 30 Go (30 Go libre(s) - 97%) [USB20FD] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-339401442-3039507466-214422036-1000\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-21-339401442-3039507466-214422036-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Magda RAIS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-339401442-3039507466-214422036-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-339401442-3039507466-214422036-1000\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\nvvsvc.exe (ID 876 |ParentID 672)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID 1356 |ParentID 672)
Stoppé! C:\Windows\system32\WLANExt.exe (ID 1364 |ParentID 1008)
Stoppé! C:\Windows\system32\conhost.exe (ID 1372 |ParentID 548)
Stoppé! C:\Windows\System32\spoolsv.exe (ID 1564 |ParentID 672)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 1720 |ParentID 672)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID 2044 |ParentID 672)
Stoppé! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID 1376 |ParentID 672)
Stoppé! C:\Windows\system32\ThpSrv.exe (ID 2064 |ParentID 672)
Stoppé! C:\Windows\system32\TODDSrv.exe (ID 2388 |ParentID 672)
Stoppé! C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID 2516 |ParentID 876)
Stoppé! C:\Windows\system32\nvvsvc.exe (ID 2528 |ParentID 876)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 2688 |ParentID 672)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 2788 |ParentID 672)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID 2872 |ParentID 672)
Stoppé! C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID 2940 |ParentID 672)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2992 |ParentID 2788)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID 3080 |ParentID 672)
Stoppé! C:\Windows\system32\taskhost.exe (ID 3484 |ParentID 672)
Stoppé! C:\Windows\System32\rundll32.exe (ID 3804 |ParentID 800)
Stoppé! C:\Windows\system32\taskeng.exe (ID 3948 |ParentID 444)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (ID 1920 |ParentID 3948)
Stoppé! C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID 2616 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (ID 908 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ID 2348 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID 3656 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID 2108 |ParentID 3864)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2612 |ParentID 3864)
Stoppé! C:\Windows\System32\ThpSrv.exe (ID 2684 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\TECO\Teco.exe (ID 3572 |ParentID 3864)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID 3440 |ParentID 672)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID 4152 |ParentID 2612)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (ID 4200 |ParentID 3864)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (ID 4428 |ParentID 3864)
Stoppé! C:\Program Files (x86)\Skype\Phone\Skype.exe (ID 4768 |ParentID 3864)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (ID 4836 |ParentID 3864)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (ID 4884 |ParentID 3864)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 5100 |ParentID 672)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (ID 5116 |ParentID 1920)
Stoppé! C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ID 3152 |ParentID 3864)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (ID 3404 |ParentID 4812)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID 604 |ParentID 4812)
Stoppé! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID 4128 |ParentID 4812)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (ID 3296 |ParentID 672)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (ID 3828 |ParentID 672)
Stoppé! C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (ID 3448 |ParentID 672)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 5416 |ParentID 672)
Stoppé! c:\Program Files (x86)\Nero\Update\NASvc.exe (ID 5716 |ParentID 672)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (ID 5924 |ParentID 4836)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (ID 6060 |ParentID 4836)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (ID 1572 |ParentID 4836)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (ID 5320 |ParentID 4836)
Stoppé! C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (ID 1684 |ParentID 4836)
Stoppé! C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe (ID 6116 |ParentID 1684)
Stoppé! C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ID 5392 |ParentID 672)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 5884 |ParentID 672)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 4260 |ParentID 672)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID 6176 |ParentID 672)
Stoppé! C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID 6188 |ParentID 3432)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID 6560 |ParentID 1008)
Stoppé! C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID 7060 |ParentID 3332)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID 7120 |ParentID 3864)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID 2320 |ParentID 4852)
Stoppé! C:\Windows\SysWOW64\ctfmon.exe (ID 1492 |ParentID 604)
Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (ID 6212 |ParentID 6864)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID 2152 |ParentID 7120)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 4220 |ParentID 2152)
Stoppé! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID 5272 |ParentID 4220)

################## | Éléments infectieux |

Supprimé! F:\Table de multiplication.doc.lnk
Supprimé! F:\doc info cours.doc.lnk
Supprimé! F:\Activites-des-clubs-seniors.pdf.lnk
Supprimé! F:\Des services en ligne.docx.lnk
Supprimé! F:\Pour que le forum reste un endroit convivial.docx.lnk
Supprimé! F:\CV_Magda_RAIS.doc.lnk
Supprimé! F:\Magda RAIS LM.doc.lnk
Supprimé! F:\Magda RAIS - CV old.docx.lnk
Supprimé! F:\CLE ASSOs.lnk
Supprimé! F:\Autorun.inf.lnk
Supprimé! F:\~WRL0001.tmp.lnk
Supprimé! F:\Facebook.vbs

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[30/03/2012 - 15:44:10 | SHD ] C:\$RECYCLE.BIN
[28/05/2013 - 18:55:02 | RASHD ] C:\Autorun.inf
[29/05/2013 - 17:31:58 | N | 2542] C:\DelFix.txt
[02/04/2012 - 19:12:22 | D ] C:\DiacammaClient
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[16/10/2013 - 10:32:04 | ASH | 3206959104] C:\hiberfil.sys
[17/11/2011 - 15:32:12 | RD ] C:\MSOCache
[16/10/2013 - 10:32:04 | ASH | 4275945472] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[09/06/2013 - 13:28:51 | D ] C:\Program Files
[14/10/2013 - 12:43:55 | D ] C:\Program Files (x86)
[30/09/2013 - 10:29:23 | D ] C:\ProgramData
[13/05/2011 - 09:22:02 | N | 176] C:\SWSTAMP.TXT
[16/10/2013 - 10:38:30 | SHD ] C:\System Volume Information
[29/10/2011 - 16:27:00 | D ] C:\Toshiba
[16/10/2013 - 11:02:17 | D ] C:\UsbFix
[16/10/2013 - 11:03:38 | A | 11182] C:\UsbFix [Clean 1] MAGDARAIS-TOSH.txt
[16/10/2013 - 10:59:11 | N | 11701] C:\UsbFix [Scan 1] MAGDARAIS-TOSH.txt
[29/10/2011 - 16:17:20 | D ] C:\Users
[04/12/2012 - 00:37:07 | D ] C:\wamp
[01/10/2013 - 09:56:46 | D ] C:\Windows
[29/10/2011 - 16:19:05 | D ] D:\$RECYCLE.BIN
[28/05/2013 - 18:55:02 | RASHD ] D:\Autorun.inf
[21/05/2011 - 21:18:43 | D ] D:\HDDRecovery
[30/10/2011 - 15:53:29 | D ] D:\MAGDARAIS-TOSH
[30/10/2011 - 15:53:05 | N | 528] D:\MediaID.bin
[21/05/2011 - 22:26:55 | N | 11] D:\R15592SO.tag
[30/10/2011 - 16:34:07 | SHD ] D:\System Volume Information
[25/12/2012 - 16:34:20 | N | 465] D:\WINDOWS (C) - Raccourci.lnk
[30/10/2011 - 15:54:55 | D ] D:\WindowsImageBackup
[22/05/2013 - 14:52:04 | D ] F:\CLE ASSOs
[03/06/2013 - 23:01:02 | HD ] F:\Autorun.inf
[13/06/2013 - 16:34:04 | N | 135168] F:\Table de multiplication.doc
[27/06/2013 - 15:38:30 | N | 1381376] F:\doc info cours.doc
[28/06/2013 - 12:08:26 | N | 797946] F:\Activites-des-clubs-seniors.pdf
[14/09/2013 - 10:21:52 | N | 14332] F:\Des services en ligne.docx
[06/09/2013 - 12:17:10 | N | 24377] F:\Pour que le forum reste un endroit convivial.docx
[07/06/2013 - 16:04:38 | N | 23040] F:\Magda RAIS LM.doc
[27/09/2013 - 12:55:46 | N | 26883] F:\Magda RAIS - CV old.docx
[03/10/2013 - 16:16:22 | N | 51712] F:\CV_Magda_RAIS.doc

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |